Privacy data Regulations
The Federal Trade Commission (FTC) is an independent U.S. law enforcement agency charged with protecting consumers and enhancing competition across broad sectors of the economy. Its primary legal authority comes from Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive practices in the marketplace. The FTC also has authority to enforce a variety of sector-specific laws, including the Truth in Lending Act, the CAN-SPAM Act. The Children’s Online Privacy Protection Act, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act. These are all regulations designed to protect consumer information.
Responsible Sharing & Usage of user data
Companies engaging in big data analytics should consider whether they are violating any material promises to consumers. It makes no difference whether the promises were to refrain from sharing data with third parties, to provide consumers with choices about sharing, or to safeguard consumers’ personal information if the company failed to disclose material information to the customer. Companies that obtain big data on consumers have a responsibility to secure and protect consumers’ data. Companies must not sell their big data analytics to customers if they know or have reason to believe that those customers will use the products for fraudulent, discriminatory purposes or not for its intended purpose. The Facebook investigation involving the Cambridge Analytica focuses on the fact that users accepted the terms of the personality test and authorized the app to analyze their personal data, but did the users authorize the app to collect data about their friends. It isn’t currently clear on whether Facebook violated the consent decree, which says that Facebook is not liable when users consent to give their friends’ information to Facebook. The FTC is investigating to discover any other illegal activities. Many new lawsuits allege that Facebook engaged in deceptive practices because it represented to the public that strict limitations and protocols on data gathering were in place, but that Facebook knowingly allowed app developers to accumulate and mine data in excess of these policies.
Financial regulatory compliance & user data
Before the Right to Financial Privacy Act of 1978 was enacted, the US government did not have to tell consumers if or when they were accessing their records, and consumers had no right to prevent them from doing this. Until the Gramm-Leach-Bliley Act, which established that financial institutions must provide clients a privacy notice that explains what information the company gathers, where the information is shared, and how the company safeguards that information. The privacy notice must also explain the customers’ opportunity to opt out, meaning the client can say no to allowing their information to be shared with nonaffiliated third parties. Unlike how the financial services industry must stay in compliance with the Gramm-Leach-Bliley Act, it is unclear whether Facebook is subject to similar data privacy regulations, which would make them responsible for the actions of Cambridge Analytica. In the financial services industry, banks are held accountable for the actions of third-party vendors and must disclose to customers if any personal non-public data will be shared with affiliates or third parties. In 2017, we learned of the major data breach from Equifax, when hackers exposed over a hundred million American consumers sensitive personal information. But so far, at a Federal level, there hasn’t been any new laws that hold companies responsible for mishandled data or data breaches. Even though Facebook is not regulated by these acts, due to the fact that they didn’t follow up or monitor how Cambridge Analytica used harvested data, Facebook Users information was used to design ads to target and influence them without their knowledge or consent.